Bug#462621: xterm: clearing TAB starting from column 320 or later can cause segmentation fault

To: "Debian Bug Tracking System" <submit@bugs.debian.org>
Cc: Thomas Dickey <dickey@invisible-island.net>
Subject: Bug#462621: xterm: clearing TAB starting from column 320 or later can cause segmentation fault
From: Németh Márton <nm127@freemail.hu>
Date: Sat, 26 Jan 2008 09:39:53 +0100
Message-id: <[🔎] 479AF1D9.6030309@freemail.hu>
Reply-to: Németh Márton <nm127@freemail.hu>, 462621@bugs.debian.org

Package: xterm
Version: 231-1
Severity: important

The TAB positions are stored in a bitmap array, which is defined in ptyx.h, line
1961. The size of this array is TAB_ARRAY_SIZE which is defined to be 10. Thus,
Tabs array consists of ten 'unsigned int', tabs.c stores 32 positions in one
position. This means that the all together 320 column position can be stored
in the Tabs array.

However, if the xterm window has more than 320 columns overindexing can happen.
This will lead to "Segmentation fault".

Steps to reproduce:

1. open an xterm window

2. Copy, paste and execute the following escape sequence, which will set
the font size to "unreadable" size:

echo -e -n "\e]50;#1\0"

3. Copy, paste and execute the following escape sequence, which will resize
the xterm window to the maximum possible size:

echo -e "\e[9;1t"

4. Copy, paste and execute the following loop which will clear the TAB stops
at each possible column:

for i in $(seq 0 1024); do echo -e -n "\eHx"; done

Actual result: "Segmentation fault"

Expected result: the overindexing is not possible

My screen resolution is 1024x768.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.23 (PREEMPT)
Locale: LANG=hu_HU, LC_CTYPE=hu_HU (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/bash

Versions of packages xterm depends on:
ii  libc6                     2.7-5          GNU C Library: Shared libraries
ii  libfontconfig1            2.5.0-2        generic font configuration library
ii  libice6                   2:1.0.4-1      X11 Inter-Client Exchange library
ii  libncurses5               5.6+20071215-1 Shared libraries for terminal hand
ii  libsm6                    2:1.0.3-1+b1   X11 Session Management library
ii  libx11-6                  2:1.0.3-7      X11 client-side library
ii  libxaw7                   2:1.0.4-1      X11 Athena Widget library
ii  libxext6                  1:1.0.3-2      X11 miscellaneous extension librar
ii  libxft2                   2.1.12-2       FreeType-based font drawing librar
ii  libxmu6                   1:1.0.3-1      X11 miscellaneous utility library
ii  libxt6                    1:1.0.5-3      X11 toolkit intrinsics library
ii  xbitmaps                  1.0.1-2        Base X bitmaps

Versions of packages xterm recommends:
ii  xutils                      1:7.1.ds.3-1 X Window System utility programs

-- no debconf information

Reply to:

Follow-Ups:
- Bug#462621: xterm: clearing TAB starting from column 320 or later can cause segmentation fault
  - From: Németh Márton <nm127@freemail.hu>
- Bug#462621: xterm: clearing TAB starting from column 320 or later can cause segmentation fault
  - From: Németh Márton <nm127@freemail.hu>

Prev by Date: Bug#462582: xserver-xorg-video-ati: regression, size configuration incredibly broken, on bog-standard display size
Next by Date: Bug#462621: xterm: clearing TAB starting from column 320 or later can cause segmentation fault
Previous by thread: Bug#462590: marked as done (xserver-xorg: X-server sometimes stops with: mieqEnequeue: out-of-order valuator event; dropping.)
Next by thread: Bug#462621: xterm: clearing TAB starting from column 320 or later can cause segmentation fault
Index(es):
- Date
- Thread